fix(auth): reuse HTTP client and use URL-encoded token in status command

dumko2001 · dumko2001 · commit 960d2b9e973b · 2026-03-18T16:16:50.000+05:30
diff --git a/src/auth_commands.rs b/src/auth_commands.rs
@@ -1070,6 +1070,8 @@ async fn handle_status() -> Result<(), GwsError> {
     // If we have credentials or a direct token, try to get live info (user, scopes, APIs)
     // Skip all network calls and subprocess spawning in test builds
     if !cfg!(test) {
+        let http_client = reqwest::Client::new();
+
         let direct_token = std::env::var("GOOGLE_WORKSPACE_CLI_TOKEN")
             .ok()
             .filter(|t| !t.is_empty());
@@ -1095,7 +1097,6 @@ async fn handle_status() -> Result<(), GwsError> {
                         (client_id, client_secret, refresh_token)
                     {
                         // Exchange refresh token for access token
-                        let http_client = reqwest::Client::new();
                         let token_resp = http_client
                             .post("https://oauth2.googleapis.com/token")
                             .form(&[
@@ -1147,7 +1148,6 @@ async fn handle_status() -> Result<(), GwsError> {
 
         if let Some(at) = access_token {
             output["token_valid"] = json!(true);
-            let http_client = reqwest::Client::new();
 
             // Get user info
             if let Ok(user_resp) = http_client
@@ -1164,8 +1164,12 @@ async fn handle_status() -> Result<(), GwsError> {
             }
 
             // Get granted scopes via tokeninfo
-            let tokeninfo_url = format!("https://oauth2.googleapis.com/tokeninfo?access_token={}", at);
-            if let Ok(info_resp) = http_client.get(&tokeninfo_url).send().await {
+            if let Ok(info_resp) = http_client
+                .get("https://oauth2.googleapis.com/tokeninfo")
+                .query(&[("access_token", &at)])
+                .send()
+                .await
+            {
                 if let Ok(info_json) = info_resp.json::<serde_json::Value>().await {
                     if let Some(scope_str) = info_json.get("scope").and_then(|v| v.as_str()) {
                         let scopes: Vec<&str> = scope_str.split(' ').collect();
@@ -1176,6 +1180,7 @@ async fn handle_status() -> Result<(), GwsError> {
             }
         }
 
+
         // Show enabled APIs if we have a project_id
         if let Some(pid) = output.get("project_id").and_then(|v| v.as_str()) {
             let enabled = crate::setup::get_enabled_apis(pid);
